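package model_test

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"go.yandata.net/iod/iod/go-trustlog/api/model"
)

// TestCryptoConfig_Validate expects Validate to accept the SM2 and Ed25519
// algorithm identifiers and to return an error for the string "rsa".
func TestCryptoConfig_Validate(t *testing.T) {
	t.Parallel()

	tests := []struct {
		name    string
		config  *model.CryptoConfig
		wantErr bool
	}{
		{
			name: "valid SM2 config",
			config: &model.CryptoConfig{
				SignatureAlgorithm: model.SM2Algorithm,
			},
			wantErr: false,
		},
		{
			name: "valid Ed25519 config",
			config: &model.CryptoConfig{
				SignatureAlgorithm: model.Ed25519Algorithm,
			},
			wantErr: false,
		},
		{
			name: "invalid signature algorithm",
			config: &model.CryptoConfig{
				SignatureAlgorithm: "rsa",
			},
			wantErr: true,
		},
	}

	for _, tt := range tests {
		// Per-iteration copy: the subtest calls t.Parallel(), so on toolchains
		// older than Go 1.22 every closure would otherwise observe the last
		// table entry and the "rsa" rejection case would run three times.
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()

			err := tt.config.Validate()
			if tt.wantErr {
				require.Error(t, err)
				return
			}
			require.NoError(t, err)
		})
	}
}

// TestSetGetGlobalCryptoConfig sets the package-level crypto configuration and
// reads it back, then restores whatever was configured before the test.
func TestSetGetGlobalCryptoConfig(t *testing.T) {
	// Deliberately not parallel: this test modifies global state.

	// Save the current configuration and register the restore before mutating
	// anything, so a failing require below cannot leave the global algorithm
	// switched for the rest of the test binary.
	original := model.GetGlobalCryptoConfig()
	t.Cleanup(func() {
		// Best effort, as in the original test; a failure is logged rather
		// than silently dropped.
		if err := model.SetGlobalCryptoConfig(original); err != nil {
			t.Logf("restoring global crypto config: %v", err)
		}
	})

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.Ed25519Algorithm,
	}

	err := model.SetGlobalCryptoConfig(config)
	require.NoError(t, err)

	retrieved := model.GetGlobalCryptoConfig()
	assert.Equal(t, config.SignatureAlgorithm, retrieved.SignatureAlgorithm)
}

// TestGenerateKeyPair_SM2 checks that an SM2 key pair is generated with both
// halves populated and tagged with the SM2 algorithm.
func TestGenerateKeyPair_SM2(t *testing.T) {
	t.Parallel()

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.SM2Algorithm,
	}

	keyPair, err := model.GenerateKeyPair(config)
	require.NoError(t, err)
	// require, not assert: the field accesses below would panic on a nil pair.
	require.NotNil(t, keyPair)
	assert.NotNil(t, keyPair.Public)
	assert.NotNil(t, keyPair.Private)
	assert.Equal(t, model.SM2Algorithm, keyPair.Algorithm)
}

// TestGenerateKeyPair_Ed25519 checks that an Ed25519 key pair is generated
// with both halves populated and tagged with the Ed25519 algorithm.
func TestGenerateKeyPair_Ed25519(t *testing.T) {
	t.Parallel()

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.Ed25519Algorithm,
	}

	keyPair, err := model.GenerateKeyPair(config)
	require.NoError(t, err)
	// require, not assert: the field accesses below would panic on a nil pair.
	require.NotNil(t, keyPair)
	assert.NotNil(t, keyPair.Public)
	assert.NotNil(t, keyPair.Private)
	assert.Equal(t, model.Ed25519Algorithm, keyPair.Algorithm)
}

// TestKeyPair_SignAndVerify_SM2 signs with a fresh SM2 key pair and checks
// that the signature is accepted for the signed data and rejected for
// different data and under a different key pair.
func TestKeyPair_SignAndVerify_SM2(t *testing.T) {
	t.Parallel()

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.SM2Algorithm,
	}

	keyPair, err := model.GenerateKeyPair(config)
	require.NoError(t, err)

	data := []byte("test data for SM2 signing")

	// Sign
	signature, err := keyPair.Sign(data, nil)
	require.NoError(t, err)
	assert.NotEmpty(t, signature)

	// Verify
	ok, err := keyPair.Verify(data, signature)
	require.NoError(t, err)
	assert.True(t, ok)

	// Verify with wrong data should fail
	wrongData := []byte("wrong data")
	ok, err = keyPair.Verify(wrongData, signature)
	require.NoError(t, err)
	assert.False(t, ok)

	// The signature must be bound to the signing key: an independently
	// generated pair has to reject it. Either ok == false or an error counts
	// as a rejection, so only ok is asserted.
	other, err := model.GenerateKeyPair(config)
	require.NoError(t, err)
	ok, _ = other.Verify(data, signature)
	assert.False(t, ok, "signature verified under an unrelated key pair")
}

// TestKeyPair_SignAndVerify_Ed25519 signs with a fresh Ed25519 key pair and
// checks that the signature is accepted for the signed data and rejected for
// different data and under a different key pair.
func TestKeyPair_SignAndVerify_Ed25519(t *testing.T) {
	t.Parallel()

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.Ed25519Algorithm,
	}

	keyPair, err := model.GenerateKeyPair(config)
	require.NoError(t, err)

	data := []byte("test data for Ed25519 signing")

	// Sign
	signature, err := keyPair.Sign(data, nil)
	require.NoError(t, err)
	assert.NotEmpty(t, signature)

	// Verify
	ok, err := keyPair.Verify(data, signature)
	require.NoError(t, err)
	assert.True(t, ok)

	// Verify with wrong data should fail
	wrongData := []byte("wrong data")
	ok, err = keyPair.Verify(wrongData, signature)
	require.NoError(t, err)
	assert.False(t, ok)

	// The signature must be bound to the signing key: an independently
	// generated pair has to reject it. Either ok == false or an error counts
	// as a rejection, so only ok is asserted.
	other, err := model.GenerateKeyPair(config)
	require.NoError(t, err)
	ok, _ = other.Verify(data, signature)
	assert.False(t, ok, "signature verified under an unrelated key pair")
}

// TestKeyPair_MarshalAndParse_SM2 marshals an SM2 key pair, checks that both
// encodings parse back, and then signs and verifies using the marshaled bytes.
func TestKeyPair_MarshalAndParse_SM2(t *testing.T) {
	t.Parallel()

	config := &model.CryptoConfig{
		SignatureAlgorithm: model.SM2Algorithm,
	}

	keyPair, err := model.GenerateKeyPair(config)
	require.NoError(t, err)

	// Marshal private key
	privateKeyDER, err := keyPair.MarshalPrivateKey()
	require.NoError(t, err)
	assert.NotEmpty(t, privateKeyDER)

	// Marshal public key
	publicKeyDER, err := keyPair.MarshalPublicKey()
	require.NoError(t, err)
	assert.NotEmpty(t, publicKeyDER)

	// Parse keys back. The parsed values are only checked for non-nil; they
	// are not compared with the originals and are not used for signing below.
	parsedPriv, err := model.ParsePrivateKey(privateKeyDER, model.SM2Algorithm)
	require.NoError(t, err)
	assert.NotNil(t, parsedPriv)

	parsedPub, err := model.ParsePublicKey(publicKeyDER, model.SM2Algorithm)
	require.NoError(t, err)
	assert.NotNil(t, parsedPub)

	// Sign and verify through the config-based helpers, which take the
	// marshaled key bytes rather than the parsed key values.
	data := []byte("test data")
	signature, err := model.SignWithConfig(data, privateKeyDER, config)
	require.NoError(t, err)

	ok, err := model.VerifyWithConfig(data, publicKeyDER, signature, config)
	require.NoError(t, err)
	assert.True(t, ok)
}

// TestSignWithConfig_And_VerifyWithConfig runs a sign/verify round trip over
// marshaled keys for each supported algorithm, including a negative check so
// the test cannot pass against a verifier that accepts everything.
func TestSignWithConfig_And_VerifyWithConfig(t *testing.T) {
	t.Parallel()

	tests := []struct {
		name      string
		algorithm model.SignatureAlgorithm
	}{
		{
			name:      "SM2",
			algorithm: model.SM2Algorithm,
		},
		{
			name:      "Ed25519",
			algorithm: model.Ed25519Algorithm,
		},
	}

	for _, tt := range tests {
		// Per-iteration copy: without it, parallel subtests on toolchains older
		// than Go 1.22 would all run with the last algorithm and SM2 would go
		// untested while still being reported as passing.
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()

			config := &model.CryptoConfig{
				SignatureAlgorithm: tt.algorithm,
			}

			// Generate key pair
			keyPair, err := model.GenerateKeyPair(config)
			require.NoError(t, err)

			// Marshal keys
			privateKeyDER, err := keyPair.MarshalPrivateKey()
			require.NoError(t, err)

			publicKeyDER, err := keyPair.MarshalPublicKey()
			require.NoError(t, err)

			// Sign
			data := []byte("test data")
			signature, err := model.SignWithConfig(data, privateKeyDER, config)
			require.NoError(t, err)
			assert.NotEmpty(t, signature)

			// Verify
			ok, err := model.VerifyWithConfig(data, publicKeyDER, signature, config)
			require.NoError(t, err)
			assert.True(t, ok)

			// Different data must not verify. Either ok == false or an error
			// counts as a rejection, so only ok is asserted.
			ok, _ = model.VerifyWithConfig([]byte("wrong data"), publicKeyDER, signature, config)
			assert.False(t, ok, "signature verified for data that was not signed")
		})
	}
}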